Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ledest:erlang:23
erlang
1031-fix-crl-unwrap-outer-list-of-CRLs-when-an-...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 1031-fix-crl-unwrap-outer-list-of-CRLs-when-an-URI-is-pro.patch of Package erlang
From f3948cd90e84c59439c00bff473b5cd40adefbb3 Mon Sep 17 00:00:00 2001 From: Thales Macedo Garitezi <thalesmg@gmail.com> Date: Tue, 17 May 2022 17:28:33 -0300 Subject: [PATCH 1/4] fix(crl): unwrap outer list of CRLs when an URI is provided Currently, if one uses `ssl_crl_cache:insert/2` providing the URI of the distribution point of a CRL, when a connection is attempted, it fails with a `{unexpected_error,function_clause}`. This traces to `ssl_handshake:dps_and_crls/3`, which eventually ends up calling `public_key:der_decode/2` with a list-wrapped CRL DER binary instead of simply the DER binary. --- lib/ssl/src/ssl_crl_cache.erl | 2 +- lib/ssl/src/ssl_pkix_db.erl | 2 +- lib/ssl/test/ssl_crl_SUITE.erl | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/ssl/src/ssl_crl_cache.erl b/lib/ssl/src/ssl_crl_cache.erl index 095e3e8b44..7a8bcf5758 100644 --- a/lib/ssl/src/ssl_crl_cache.erl +++ b/lib/ssl/src/ssl_crl_cache.erl @@ -175,7 +175,7 @@ cache_lookup(URL, {{Cache, _}, _}) -> case ssl_pkix_db:lookup(string:trim(Path, leading, "/"), Cache) of undefined -> []; - CRLs -> + [CRLs] -> CRLs end. diff --git a/lib/ssl/src/ssl_pkix_db.erl b/lib/ssl/src/ssl_pkix_db.erl index dbdae5307c..88ef23a60a 100644 --- a/lib/ssl/src/ssl_pkix_db.erl +++ b/lib/ssl/src/ssl_pkix_db.erl @@ -352,7 +352,7 @@ new_trusted_cert_entry(File, [CertsDb, RefsDb, _ | _]) -> add_crls([_,_,_, {_, Mapping} | _], ?NO_DIST_POINT, CRLs) -> [add_crls(CRL, Mapping) || CRL <- CRLs]; add_crls([_,_,_, {Cache, Mapping} | _], Path, CRLs) -> - insert(Path, CRLs, Cache), + insert(Path, CRLs, Cache), [add_crls(CRL, Mapping) || CRL <- CRLs]. add_crls(CRL, Mapping) -> diff --git a/lib/ssl/test/ssl_crl_SUITE.erl b/lib/ssl/test/ssl_crl_SUITE.erl index 58b0f8cb76..ce614cbfeb 100644 --- a/lib/ssl/test/ssl_crl_SUITE.erl +++ b/lib/ssl/test/ssl_crl_SUITE.erl @@ -240,6 +240,8 @@ crl_verify_valid(Config) when is_list(Config) -> end, {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + ssl_crl_cache:insert("http://localhost/erlangCA/crl.pem", {file, filename:join([PrivDir, "erlangCA", "crl.pem"])}), + ssl_crl_cache:insert("http://localhost/otpCA/crl.pem", {file, filename:join([PrivDir, "otpCA", "crl.pem"])}), ssl_crl_cache:insert({file, filename:join([PrivDir, "erlangCA", "crl.pem"])}), ssl_crl_cache:insert({file, filename:join([PrivDir, "otpCA", "crl.pem"])}), -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor